LimboAuth Client Mod

A client mod for LimboAuth
Test server: ely.su

Mod dependencies

• Architectury API

Features of LimboAuth Client Mod

• Saves session tokens to the config file (.minecraft/config/limboauth.yml)
• You can set your own session token via the custom launcher

How does session token work

1. The server makes a token - a struct that contains an issue timestamp
2. The server signs this token with a private verify key (which you can see in the LimboAuth config)
3. The server sends the token to the client, the client saves it to the config file
4. When player joins the server, servers asks client if he has a session token
5. If the player has a session token, it sends it to the server
6. The server verifies the token via the private verify key

How to generate a session token

Pseudocode

# This key must be the same in the plugin config and in the server hash issuer
verify_key = "testkey123"
issue_timestamp = unix_timestamp_millis()
player_username = "TestPlayer123"

username_bytes = utf8.string_to_bytes(lower(player_username))
timestamp_bytes = big_endian.long_to_bytes(issue_timestamp)

# siphash 2-4 (default siphash) is used here
tokenhash = siphash.hash(verify_key, byte_concat(username_bytes, timestamp_bytes))
hash_bytes = big_endian.long_to_bytes(tokenhash)

token = base64.encode_to_string(byte_concat(timestamp_bytes, hash_bytes))

When does the token expire?

• The token expires if the player changes his password
• See ISSUEDTIME database field

Donation

Your donations are really appreciated. Donations wallets/links/cards:

• MasterCard Debit Card (Tinkoff Bank): 5536 9140 0599 1975
• Qiwi Wallet: PFORG or this link
• YooMoney Wallet: 4100 1721 8467 044 or this link
• Monero (XMR): 86VQyCz68ApebfFgrzRFAuYLdvd3qG8iT9RHcru9moQkJR9W2Q89Gt3ecFQcFu6wncGwGJsMS9E8Bfr9brztBNbX7Q2rfYS